[rsyslog] Rsyslog /var/log/messages
Kaul, Ashutosh
ashutosh.kaul at amd.com
Tue Aug 21 17:08:15 CEST 2007
Hi Rainer/all,
Thanks for the help, actually there were two problems,
1) Not able to log hostname from HP-UX - Sorted by using the %HOSTNAME%
directive
2) Not able to log hostname from CISCO IOS. It's able to send to old
syslog server - Still Pending.
Pasting the logs for the same
Aug 21 09:56:08 50644414 08/21/2007 08:56:20.820 SEV=5 <xX> RPT=1426140
<IP ADDRESS> Group [groupname] User [ysofer] Sending IKE Delete With
Reason message: No Reason Provided.
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4<AUTH0>
RPT=1013753 <IPADRESS> User [username] Group [Groupname] disconnected:
Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt: 27550464 Bytes
rcv: 11482680 Reason: User Requested
Aug 21 09:56:08 50644418 08/21/2007 08:56:20.830 SEV=4 <AUTH/28>
RPT=1013753 <IP ADDRESS> User [username] Group [Group Name]
disconnected: Session Type: IPSec/NAT-T Duration: 7:59:39 Bytes xmt:
27550464 Bytes rcv: 11482680 Reason: User Requested
And really appreciate the support provided by all.
Regards,
Ashutosh
-----Original Message-----
From: rsyslog-bounces at lists.adiscon.com
[mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
Sent: Friday, August 17, 2007 3:11 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog /var/log/messages
Can you post the output of %rawmsg% - I think it has to do with the
message. However, FROMHOST should always work. It would be useful if you
run it in debug mode (-d -n) and post that output, too.
Rainer
> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com
> [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Kaul, Ashutosh
> Sent: Thursday, August 16, 2007 3:14 PM
> To: rsyslog-users
> Subject: [rsyslog] Rsyslog /var/log/messages
>
> Hi all,
>
> I have installed and configured rsyslog-1.17.6 for a centralized
> syslog server, currently it's accepting syslogs at both UDP as well as
> TCP but when I check my /var/log/messages file I find that it doesn't
> log the hostname.
>
> Pasting one of the syslogs
> Aug 16 08:07:56 50091162 08/16/2007 07:08:03.390 ..truncated
>
> In place of 50091162 it should log the ip address.
>
> I did some initial research in which it was mentioned the template
> needs to have %FROMHOST% rather than %HOSTNAME% which I did but to no
> luck.
>
> http://www.rsyslog.com/PNphpBB2-viewtopic-t-101.phtml
>
> Thanks in advance for help.
>
> Regards,
> Ashutosh
>
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
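
The symptom in this thread, a number appearing where the hostname belongs, is what a BSD-syslog (RFC 3164) style header split produces when the sender omits the hostname: the first token after the timestamp is taken as the host. The sketch below is an added example, not code from the thread and not rsyslog's parser; the plausibility heuristic, the function names and the sample lines and addresses are assumptions made for illustration. It falls back to the address the message was received from, which is the information the thread tries to obtain with %FROMHOST%.

```python
import ipaddress
import re

# BSD-syslog (RFC 3164) style header: "Mmm dd hh:mm:ss HOSTNAME rest-of-message"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)

def parse_header(line):
    """Split a line into (timestamp, claimed hostname, message text)."""
    m = HEADER.match(line)
    if m is None:
        return None
    return m.group("ts"), m.group("host"), m.group("msg")

def plausible_hostname(token):
    """Heuristic (assumption of this example): accept IP literals and
    DNS-style names that contain at least one letter."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        pass
    return bool(re.fullmatch(r"[A-Za-z0-9.-]+", token)) and any(
        c.isalpha() for c in token
    )

def attribute_source(line, sender_ip):
    """Return (host, origin). Fall back to the transport-level sender
    address when the header hostname is missing or implausible."""
    parsed = parse_header(line)
    if parsed and plausible_hostname(parsed[1]):
        return parsed[1], "header"
    return sender_ip, "sender"

# Constructed samples: the first follows the shape of the concentrator line
# quoted in the thread, the second is a well-formed line. The sender
# addresses are RFC 5737 documentation addresses.
SAMPLES = [
    ("Aug 21 09:56:08 50644414 08/21/2007 08:56:20.820 SEV=5 RPT=1426140", "192.0.2.10"),
    ("Aug 21 09:56:09 hpux01 su: + tty?? root-admin", "192.0.2.20"),
]

if __name__ == "__main__":
    for line, sender in SAMPLES:
        print(parse_header(line)[1], "->", attribute_source(line, sender))
```

On a central collector the header hostname is whatever the sender wrote, so recording the receive-side address next to it keeps source attribution usable when a device emits a non-conforming header.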